Being an avid Game of Thrones fan, something struck me while watching the latest season – many companies today are investing in age-old defences which are completely ineffective against the new breed of cyber attackers.
Think of your business as a castle – a defence-in-depth approach is needed to secure your walls and keep would-be invaders at bay. There’d be a moat to deter attackers from breaching the outer walls, a central entrance point, protected by a portcullis-type gate to allow only those we trusted into the keep, and along the walls we’d have turrets atop them to give our defenders a secure vantage point.
The defensive structure outlined above is the traditional way we’d protect ourselves. Now, having faced the same defences time and time again, the horde at our walls will eventually come to know our fortress intimately and discover ways around them.
In keeping with the metaphor, let’s say the invaders realise that attacks launched from the ground up, the outside in, are easily repelled.
What happens when your enemy learns to fly, or, more insidiously, has someone on the inside?
Now, a new defensive approach is needed to keep the castle safe – the old methods won’t stand a chance against these new attacks.
This analogy works well when applied to the current cyber security landscape. As we’ve written about before, the answer to an effective defence against today’s attackers isn’t hidden in logs, nor is the defence-in-depth approach sufficient to ward off their advances.
Today’s attackers have outsmarted yesterday’s defences. We must accept that our networks are likely already breached. A quick search of your personal details on sites such as www.haveibeenpwned.com will show when and where your personal details have been leaked. More often than not, these leaks were the result of attacks against businesses with much larger budgets and security teams than the average organisation.
There are also more sophisticated tools, such as those in LMNTRIX Recon, that can trawl the deep and dark web to uncover the true extent of your data’s exposure.
The truism of the Internet is that you will be exposed to attacks and humans will make errors. None of us mean to make mistakes, but it’s a fact that all businesses should be ready to accept.
So when the time comes to reconsider your security strategy, will you invest in a shinier castle with the same defences as before, or are you going to augment your already functioning castle with newer defences that give a fighting chance against these new attacks?
The first step in defeating the modern menace is to understand its techniques. Why spend millions on newer versions of technology and services that have failed in the past? If we understand that attackers will evade these traditional controls, then our new approach should attempt to identify these attacks whilst in flight and marry this with an approach to handle the incident before it spreads throughout the network.
Using a validated security architecture will allow you to identify real attacks in flight, the same attacks that have evaded your current controls. Against the insider threat, for example, knowing when a resource is accessed that should not be accessed, or when a user’s behaviour is outside of their normal pattern, allows a greater degree of accuracy to be maintained when classifying an incident. This takes a lot of skill and a great deal of knowledge. It doesn’t happen by accident, nor does it come from the current approach to securing a network – it requires new thinking and experienced analysts that are dedicated to spotting these trends.
Here at LMNTRIX we have pioneered a new service approach to validating the unknown, zeroing in on the issues and giving companies much-needed time to implement their incident response plans. Believe it or not, this can be achieved without the need for expensive equipment or services – services like SIEM that perform the same function as someone taking your watch and telling you the time for a handsome monthly fee.
Spoiler Alert. Read no further if you’re not up to date with Game of Thrones.
Let me put it another way. Knowing what we now know about the White Walkers and their army, would you continue forging ordinary swords, or would you start mining Dragonglass?